I. Introduction


The purpose of this report is to demonstrate a small Prolog program that verifies the relation
f = g where f and g are two Boolean formulas. Portions of the proof process are accomplished
using the pattern matching feature of Prolog. The Prolog program was developed to augment
the theorem proving process of the Higher Order Logic (HOL) system as described in [1] and [2].
The Prolog program implements Boole's Expansion Theorem within the confines of Prolog's
depth-first search. A type of Greedy algorithm is also presented through the generous use of cuts. The
operators used within the confines of the algorithm are complement, conjunction, disjunction, and
exclusive or. Finally, the Prolog routine is presented with some examples.

The organization of the presentation includes a short explanation of the theory, examination
of the structure of the problem, discussion of the solution in Prolog, presentation of some examples,
and some conclusions. Boolean formulas of n variables are represented by f(X), g(X), or h(X)
where X is an n-variable vector. The operators used are + for disjunction, * for conjunction, '
for complement, and ⊕ for exclusive or. The * may be dropped when doing so does not lead to
ambiguities. Furthermore, f, g, or h may be used in place of f(X), g(X), or h(X), respectively.
The elements of X may be enumerated as X1, X2, ..., Xn to show the first element, second element,
and up to the nth element.
II. Background: Boole's Expansion Theorem

Boole's Expansion Theorem, which was specialized to switching functions in [3], states for a
function of one variable that [4]

$$f(x) = f(1)x + f(0)(1-x).$$

For a function of two variables [4]

$$f(x,y) = f(1,1)xy + f(1,0)x(1-y) + f(0,1)(1-x)y + f(0,0)(1-x)(1-y).$$

The form "(1 - x)" was used by Boole to express "the complement of x" and the "+" operator was
used as modulo-two sum. Shannon provides an expansion about one variable whose values may
only be in {0,1} [3]:

$$f(X_1, X_2, \ldots, X_n) = X_1 f(1, X_2, \ldots, X_n) + X_1' f(0, X_2, \ldots, X_n).$$

For two variables the Shannon expansion is

$$f(X_1, X_2, \ldots, X_n) = X_1 X_2 f(1,1,X_3,\ldots,X_n) + X_1 X_2' f(1,0,X_3,\ldots,X_n) + X_1' X_2 f(0,1,X_3,\ldots,X_n) + X_1' X_2' f(0,0,X_3,\ldots,X_n).$$

The expansion is further generalized to functions of n variables by both Boole [4] and Shannon
[3]. A proof that Boole's Expansion Theorem holds for every n-variable Boolean function is provided
in [5]. Even though Shannon is often credited with the development of this expansion, it was
originally developed by Boole. This expansion process will therefore be referred to in this paper as
Boole's Expansion Theorem.
III. Analysis of the Problem


The problem, given two n-variable Boolean formulas, f and g, is to show that they are
equivalent using Boole's Expansion Theorem. We may assume that the formulas will be presented
separately. Since the problem is to show that f = g, the two formulas may be further expanded as
follows.

Theorem 1  f = g iff

$$f(1, X_2, \ldots, X_n) = g(1, X_2, \ldots, X_n) \qquad (1)$$

$$f(0, X_2, \ldots, X_n) = g(0, X_2, \ldots, X_n). \qquad (2)$$

Proof 1  Without loss of generality, we will consider the case $\forall x \in B\ f(x) = g(x)$ where B is the
carrier for a Boolean algebra. By Boole's Expansion Theorem, it is true that

$$f(x) = x f(1) + x' f(0)$$

and

$$g(x) = x g(1) + x' g(0).$$

We may then perform the appropriate substitution for f(x) = g(x).

$$(f(x) = g(x)) \Leftrightarrow ((x f(1) + x' f(0)) = (x g(1) + x' g(0)))$$

From [6] we have $(u = v) \Leftrightarrow (u \oplus v = 0)$. Thus

$$
\begin{aligned}
(f(x) = g(x)) &\Leftrightarrow (x f(1) + x' f(0)) \oplus (x g(1) + x' g(0)) = 0 \\
&\Leftrightarrow x' g(0) f'(0) + x g(1) f'(1) + x' f(0) g'(0) + x f(1) g'(1) = 0 \\
&\Leftrightarrow x (g(1) f'(1) + f(1) g'(1)) + x' (g(0) f'(0) + f(0) g'(0)) = 0 \\
&\Leftrightarrow x (g(1) f'(1) + f(1) g'(1)) = 0 \ \text{and}\ x' (g(0) f'(0) + f(0) g'(0)) = 0
\end{aligned}
$$

Then $\forall x \in B$ we have the system

$$x (g(1) f'(1) + f(1) g'(1)) = 0,$$

$$x' (g(0) f'(0) + f(0) g'(0)) = 0.$$

The above system is true iff f(1) = g(1) and f(0) = g(0). □

The process of Theorem 1 is performed recursively over all variables of the formulas f and
g. From the original set of formulas, f = g, expansion on the first variable leads to two separate
equations. Expansion on the next variable leads to four separate equations. The process continues
until 2^n separate equations exist. Boolean formulas that represent the same Boolean function may
contain literals such that once a given number of variables have been expanded on, the result might
be two Boolean formulas that match in their pattern of literals. Consider the following example
for f and g.

f(x,y,z) = x(y + z) + y'z.
g(x,y,z) = xy + y'z.

By Theorem 1, f = g holds iff f(0,y,z) = g(0,y,z) and f(1,y,z) = g(1,y,z), i.e., f = g iff the
result

y'z = y'z

and

y + z + y'z = y + y'z

is verified.

At this point, it is no longer necessary to expand on the formulas produced from x = 0, since
y'z = y'z simply by pattern matching. Thus, for some j < n, portions of the expansion process
may be performed in O(j) time simply by pattern recognition. The pattern matching feature of
Prolog can then supply increased efficiency simply by checking for one Boolean formula to match
a second Boolean formula before expanding on its variables.
IV. Prolog Implementation


Based on the considerations in the previous section, a Prolog implementation was generated.
In this section, the Prolog code to implement the proof of f = g will be presented. The Prolog
code is contained in two files. The first file, called ops, is used to define the operators. The second
file, called verify, performs the expansion and verification of the Boolean formulas.

The following is a listing of the file ops. The four operators previously defined for logical
disjunction, conjunction, complement, and exclusive or had to be redefined to accommodate Prolog,
as shown below. The op(510,yfx,$) defines the $ as ⊕. The op(500,yfx,@) defines the @ as +. The
op(400,yfx,^) defines the ^ as *. The op(300,fx,~) defines the ~ as '.

:- op(510, yfx, $).
:- op(500, yfx, @).
:- op(400, yfx, ^).
:- op(300, fx, ~).

The eval clauses provide the proper evaluation for the operators. The format of the eval
clause is

eval(X op Y, Z)

or

eval(Y, Z)

where X and Y are complemented or uncomplemented terms and Z is the derived term.

% Rules with a constant on the left.
eval(1 @ _, 1) :- !.
eval(1 ^ X, X) :- !.
eval(1 $ X, Z) :- !, eval(~X, Z).   % 1 xor X is ~X; reduced again so that 1 $ 1 gives 0, not ~1
eval(0 @ X, X) :- !.
eval(0 ^ _, 0) :- !.
eval(0 $ X, X) :- !.
% Rules with a constant on the right.
eval(_ @ 1, 1) :- !.
eval(X ^ 1, X) :- !.
eval(X $ 1, Z) :- !, eval(~X, Z).
eval(X @ 0, X) :- !.
eval(_ ^ 0, 0) :- !.
eval(X $ 0, X) :- !.
% Complement of a constant.
eval(~0, 1) :- !.
eval(~1, 0) :- !.
% A term combined with its own complement or with itself.
eval(~X @ X, 1) :- !.
eval(X @ ~X, 1) :- !.
eval(~X ^ X, 0) :- !.
eval(X ^ ~X, 0) :- !.
eval(X $ X, 0) :- !.
eval(~X $ X, 1) :- !.
eval(X $ ~X, 1) :- !.
eval(X @ X, X) :- !.
eval(X ^ X, X) :- !.
% No rule applies: the term is left unchanged.
eval(X, X).

For  the  remainder  of  this  section,  the  clauses  of  the  verify  program  will  be  discussed  in  the 
order  they  are  called. 
The first clause called in verify is go. The success of this clause is based upon the existence
of two Boolean formulas expressed within a fact of arity two called eqtn. Further, the eq clause
must be satisfied with regard to the two Boolean formulas from the eqtn fact. Prior to execution
of the eq clause, the evaluate clause is called to reduce expressions that meet the criteria of the
eval clauses. A Boolean formula, f(u, v, w, x, y, z), where u and v have been set to some value in
{0,1}, could then be reduced to a formula of f(w, x, y, z) before executing the eq clause.

go :-
    eqtn(X, Y),
    evaluate(X, XNew),
    evaluate(Y, YNew),
    eq(XNew, YNew).

The  evaluate  clause  is  also  called  from  a  later  clause  called  divide.  The  evaluate  clause 
calls  upon  the  eval  clauses  loaded  from  the  ops  file  containing  the  operator  definitions.  At  this 
point,  the  Boolean  formula  is  reduced  based  upon  eliminations  of  terms  under  the  eval  rules. 

% Constants and variables are already in reduced form.
evaluate(X, X) :- atomic(X), !.
evaluate(~F, FReduced) :-
    evaluate(F, FTemp),
    eval(~FTemp, FReduced), !.
evaluate(L @ R, Resolved) :-
    evaluate(L, LNew),
    evaluate(R, RNew),
    eval(LNew @ RNew, Resolved).
evaluate(L ^ R, Resolved) :-
    evaluate(L, LNew),
    evaluate(R, RNew),
    eval(LNew ^ RNew, Resolved).
evaluate(L $ R, Resolved) :-
    evaluate(L, LNew),
    evaluate(R, RNew),
    eval(LNew $ RNew, Resolved).

The eq clause calls other clauses in order to perform Boole's Expansion Theorem. The clause
first checks to see if there exists a straight pattern match between both formulas. If so, then success
is achieved upon this branch of the depth-first search tree. However, should immediate success not
be achieved, a variable is first extracted from the f Boolean formula through the extract clause.
The next step is to generate the f(0), f(1), g(0), and g(1) Boolean formulas from the f and g
Boolean formulas using the variable chosen from the extract clause. Then the eq clause is called
recursively to see if f(0) = g(0) and f(1) = g(1).

% Identical formulas match without any expansion.
eq(X, X).
eq(F, G) :-
    extract(X, F),
    divide(F, X, F0, F1),
    divide(G, X, G0, G1), !,
    eq(F0, G0), !,
    eq(F1, G1), !.
The extract clause finds the first available variable in the operator tree for f. The first
extract clause checks to see if a leaf node has been reached. Should it be the case that a leaf
node is reached, then the leaf node is checked to be either a 1 or 0. Otherwise, the leaf node
is a variable. The other extract clauses allow for search down the tree on the four operators
complement, disjunction, conjunction, or exclusive or.

% atom/1 fails for the integers 0 and 1, so only variable names are returned.
extract(X, X) :-
    atom(X), !.
extract(X, ~Y) :-
    extract(X, Y).
extract(X, L @ _) :-
    extract(X, L).
extract(X, _ @ R) :-
    extract(X, R).
extract(X, L ^ _) :-
    extract(X, L).
extract(X, _ ^ R) :-
    extract(X, R).
extract(X, L $ _) :-
    extract(X, L).
extract(X, _ $ R) :-
    extract(X, R).

The next clause called upon by the eq clause is divide. The divide clause performs two
functions. First, the f(0) and f(1) Boolean formulas are generated strictly by replacing each
occurrence of the variable of interest with the appropriate 0 or 1 value in the operator tree for f.
The second part of the divide clause involves evaluation of the f(0) and f(1) Boolean formulas to
eliminate the occurrence of 0 and 1 where possible, and occurrences of terms that are eliminated
due to the assignment of 0 or 1.

divide(F, X, F0, F1) :-
    remove_x_0(F, X, F0Temp),
    remove_x_1(F, X, F1Temp),
    evaluate(F0Temp, F0),
    evaluate(F1Temp, F1).

The  next  clause  considered  is  the  remove_x_0  clause  called  by  the  divide  clause.  The  purpose 
of  this  clause  is  to  search  the  operator  tree  of  a  Boolean  formula  and  replace  every  occurrence  of 
the  given  variable  with  a  0.  The  remove_x_0  clause  returns  the  new  operator  tree  when  all  leaves 
have  been  visited. 

% A leaf (or complemented leaf) that is a different variable is kept.
remove_x_0(Y, X, Y) :-
    atom(Y),
    Y \== X, !.
remove_x_0(~Y, X, ~Y) :-
    atom(Y),
    Y \== X, !.
% The variable itself becomes 0 and its complement becomes 1.
remove_x_0(X, X, 0) :- !.
remove_x_0(~X, X, 1) :- !.
% Otherwise descend through the operator tree.
remove_x_0(~Y, X, ~NewY) :-
    !,
    remove_x_0(Y, X, NewY).
remove_x_0(L @ R, X, LNew @ RNew) :-
    !,
    remove_x_0(L, X, LNew),
    remove_x_0(R, X, RNew).
remove_x_0(L ^ R, X, LNew ^ RNew) :-
    !,
    remove_x_0(L, X, LNew),
    remove_x_0(R, X, RNew).
remove_x_0(L $ R, X, LNew $ RNew) :-
    !,
    remove_x_0(L, X, LNew),
    remove_x_0(R, X, RNew).

The  remove_x_l  clause  is  included  below  for  completeness.  Everything  mentioned  for  the 
remove_x_0  clause  is  also  valid  here. 

% A leaf (or complemented leaf) that is a different variable is kept.
remove_x_1(Y, X, Y) :-
    atom(Y),
    Y \== X, !.
remove_x_1(~Y, X, ~Y) :-
    atom(Y),
    Y \== X, !.
% The variable itself becomes 1 and its complement becomes 0.
remove_x_1(X, X, 1) :- !.
remove_x_1(~X, X, 0) :- !.
% Otherwise descend through the operator tree.
remove_x_1(~Y, X, ~NewY) :-
    !,
    remove_x_1(Y, X, NewY).
remove_x_1(L @ R, X, LNew @ RNew) :-
    !,
    remove_x_1(L, X, LNew),
    remove_x_1(R, X, RNew).
remove_x_1(L ^ R, X, LNew ^ RNew) :-
    !,
    remove_x_1(L, X, LNew),
    remove_x_1(R, X, RNew).
remove_x_1(L $ R, X, LNew $ RNew) :-
    !,
    remove_x_1(L, X, LNew),
    remove_x_1(R, X, RNew).

The  evaluate  clause  is  explained  after  the  discussion  of  the  go  clause. 
All of the clauses described above may be placed in one file to be loaded at once; however,
there is a specific order of declaration that must be followed. The four operation declarations using
the op directive must be read first by Prolog. Afterwards, the remaining clauses may appear in any
order. If Quintus Prolog is being used, the clauses with the same clause head should be grouped
together.

Caution in writing the code was used to ensure conformance to Clocksin and Mellish standard
Prolog [7]. To date, the system runs under Quintus Prolog, CProlog, and Prolog86. The code has
been run on an IBM PC-AT, SUN 4, VAX 11/785, MicroVAX 3600, and VAX 8800. For reading in
Boolean formulas greater than one or two pages in length, Quintus Prolog appears to be the only
implementation of the three that succeeds.
V. Examples


This Boolean formula verification system has largely been used to verify hardware
specifications and implementations. Some of the more interesting examples of the use of this routine
have been in comparing large Boolean formulas that make extensive use of the exclusive or
operator. Most of the examples presented below compare Boolean formulas containing exclusive or
operations.

An example run in Quintus Prolog is provided. In this case, we wish to prove De Morgan's
Law between f and g. The formulas are declared in a clause called eqtn within a file called equation.

eqtn((~(x ^ y)), (~x @ ~y)).

The  following  is  a  log  of  the  session  verifying  the  equivalence  of  both  formulas. 

Quintus Prolog Release 2.4.2 (Sun-4, SunOS 4.0)
Copyright (C) 1988, Quintus Computer Systems, Inc. All rights reserved.
1310 Villa Street, Mountain View, California (415) 965-7700

| ?- compile(['ops']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/ops...]
[ops compiled 0.400 sec 1,656 bytes]

yes
| ?- compile(['verify']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/verify...]
[verify compiled 1.417 sec 3,428 bytes]

yes
| ?- ['equation'].
[consulting /tmp_mnt/auto/quintus/mdukes/wrdc2/equation...]
[equation consulted 0.034 sec 280 bytes]

yes
| ?- go.
yes

| ?- halt.

If we change the Boolean formulas of the equation file from

eqtn((~(x ^ y)), (~x @ ~y)).

to

eqtn((~(x ^ y)), (~x ^ ~y)).

the following result will be obtained.

CProlog version 1.2a
| ?- ['ops'].
ops consulted 1352 bytes 0.150000 sec.

yes
| ?- ['verify'].
verify consulted 4980 bytes 0.466666 sec.

yes
| ?- ['equation'].
equation consulted 84 bytes 0 sec.

yes
| ?- go.
no

| ?- halt.

[ Prolog execution halted ]

The  next  example  involves  the  consideration  of  parity  generation  for  an  eight-input  odd 
parity  generation  circuit.  For  this  example,  a,b,c,d,e,  f,g,  and  h  will  be  used  to  designate  the 
input  variables.  Consider  the  following  specification  for  odd  parity  generation: 

j  =  (a$(b$(c$(d$(e$(f$(g$h))))))). 

Even  though  the  expression  for  j  is  fairly  straightforward  the  problem  is  in  the  implementation.  If 
the  expression  for  j  were  implemented  directly,  a  delay  of  seven  exclusive  or  gates  would  be  incurred. 
Upon  rearranging  the  variables  using  the  associative  and  commutative  properties  of  exclusive  or, 
an  equivalent  Boolean  formula  is  obtained: 

k  =  (((h$g)$(f$e))$((d$c)$(b$a))). 

A new delay of three exclusive or gates would result for the implementation. Figure 1 shows both
the specification and implementation. Using Boole's Expansion Theorem to verify j = k we obtain

Quintus Prolog Release 2.4.2 (Sun-4, SunOS 4.0)
Copyright (C) 1988, Quintus Computer Systems, Inc. All rights reserved.
1310 Villa Street, Mountain View, California (415) 965-7700

| ?- compile(['ops']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/ops...]
[ops compiled 0.350 sec 1,656 bytes]

yes
| ?- compile(['verify']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/verify...]
[verify compiled 1.417 sec 3,428 bytes]

yes
| ?- ['equation'].
[consulting /tmp_mnt/auto/quintus/mdukes/wrdc2/equation...]
[equation consulted 0.033 sec 372 bytes]

yes
| ?- go.

yes
| ?-
Stopped

[33] ares ps -ug
USER       PID %CPU %MEM   SZ  RSS TT STAT START  TIME COMMAND
mdukes    9421  0.0  2.7  248  840 p1 T    11:39  0:02 Prolog /usr2/eng/mdukes/

[34] ares fg
prolog
halt.

Figure 1. Specification and Implementation of Parity Generator.


From  the  statistics  gathered  by  the  system  for  the  Quintus  Prolog  session  on  a  SUN  4,  only 
two  seconds  of  CPU  time  were  spent  in  the  evaluation.  The  HOL  system  was  used  to  expand  the 
formulas  j  and  k  using  the  identity 


a$b = (~a^b)@(a^~b).

The  following  new  formulas  for  j  and  k,  called  j_alt  and  k_alt  respectively,  were  obtained. 
j_alt  =  (*(*("h  *  g  «  h  *  *g)  -  Cf  *  e  C  f  *  *e)  C 
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('h  *  g  fl  h  *  *g)  *  "Cf  *  e  fl  t  *  "a) ) 
CCd  *  c  •  d  *  ”c)  *  ("b  *  a  «  b  *  *a)  fl 
( ‘d  *  c  fi  d  "  *c)  ‘  *(‘b  *  a  fl  b  *  *a))  fl 
CCh  "  g  9  h  *  *g)  *  (*i  “  e  ®  i  *  'e)  9 
("h  *  g  9  h  *  "g)  *  '('1  ‘  e  fi  i  ~  'a)) 
"CCd  ‘  c  «  d  '  *c)  ~  Cb  *  a  9  b  *  "a)  fl 
(*d  *  c  9  d  *  *c)  *  'Cb  *  a  9  b  *  "a))) 


and 


k_alt  =  (  *a  * 

(*b  * 

("c  * 

Cd  * 

Ca  •  Cl  ‘  Cg  ‘  h  «  g  ‘  ‘h)  «  i  '  *Cg  *  h  «  g  *  *b))  fl 
a  *  *  Cf  *  Cg  *  h  fl  g  *  *h)  ®  f  *  "Cg  h  fl  g  *h)))  6 

d  * 

"('a  *  Cf  *  Cg  ‘  h  «  g  ‘  'h)  «  f  '  'Cg  *  h  9  g  *  'h)>  fl 
a  *  'Cf  *  Cg  *  h  fl  g  ~  *h)  fl  f  “  'Cg  ‘  h  fl  g  '  *h))))  ® 


*('d  * 

("a  *  Cf  ‘  Cg  *  h  fi  g  '  *h)  fl  i  *  'Cg  '  h  fig  ‘  ~h))  6 

a  *  "Cf  *  Cg  "  h  fl  g  "  ”h)  «  1  *  "Cg  *  h  fi  g  *  *h)))  Q 

d  * 

'  Ca  *  Cf  '  Cg  *  h  fl  g  *  *h)  fl  f  *  'Cg  *  h  «  g  *  *h))  fi 

a  *  *('i  *  Cg  "  h  fl  g  "  *h)  fit*  'Cg  *  h  fl  g  *  *h)))))  fl 

b  * 

*(*c  * 

Cd  ' 

("a  ‘  Cf  '  Cg  *  h  fl  g  *  "h)  fl  f  ‘  *('g  *  h  0  g  "  *h))  C 

a  *  ~('t  ~  (*g  *hflg-*h)fli*  '('g  ‘  h  fl  g  *  'h)))  fl 

d  * 

’("a  "  Cf  "  Cg  "h«g"*h)flf“  "Cg  '  h  fl  g  ‘  'h))  fl 

a  *  "Cf  “  Cg  *hflg*'h)flf*  'Cg  *  h  «  g  *  *h))))  fl 

c  * 

'Cd  * 

("a  *  Cf  *  Cg  *h«g"'h)flf"  '('g  ‘  h  «  g  *  *h))  fl 

a  "  'Cf  '  Cg  *hflg''h)0f'  'Cg  *  h  fl  g  *  *h)))  fl 

d  * 

"('•  '  Cf  '  C  g  *  h  fl  g  *  *h)  fl  f  *  'Cg  -  h  «  g  *  *h))  « 

a  *  -(-f  *  ('g  *  h  «  g  *  *h)  «  f  "  '('g  '  h  fl  g  '  'h))))))  fl 

a  " 

*(-b  * 

Cc  " 

Cd  - 

Ca  *  Cf  *  Cg  *  h  e  g  -  -h)  fl  f  -  *Cg  -  h  fl  g  -  -h))  c 

a  *  '('1  *  Cg  'h«g*'h)«f*  "Cg  *  h  «  g  *  *h)))  fl 

d  * 

'Ca  *  Cl  -  Cg  *  h  «  g  ‘  -h)  fl  f  -  ‘Cg  *  h  «  g  '  -h))  « 

a  *  'Cf  *  Cg  *  h  fl  g  ‘  *h)  fl  f  *  '('g  *  h  fl  g  *  ~h))))  9 

c  * 

-Cd  - 
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Ce  *  Cl  ~  Cg  ‘  h  e  g  *  *h)  «  f  -  'Cg  -  h  «  g  -  -h))  C 

a  *  *(*f  *  ('g  *  h  C  g  "  ~h)  I  f  ‘  *Cg  *  h  fi  g  *  *h)))  fi 

d  * 

"Ce  *  Cf  ‘  Cg  *hfig-*h)fif"  *Cg  *  h  ®  g  “  *h) )  ® 
a  ‘  'Cf  *  Cg  ‘  h  ®  g  *  *h)  C  f  -  *Cg  *  h  •  g  *  -h)))))  • 
b  * 

"Cc  * 

Cd  * 

("a  *  Cf  "  Cg  ‘  h  (  g  ‘  1)  (  i  ‘  "Cg  *  h  «  g  *  *h))  C 

a  *  "Cf  *  ('g  "h®g*"h)®i*  *(‘g  *  h  «  g  *  *h)))  • 

d  * 

*("e  *  Ci  *  (*g  '  h  ®  g  ‘  *h)  I  f  ‘  "Cg  "  h  fi  g  *  "h))  0 

a  ‘  *Ci  *  Cg  ‘  h  «  g  -  *h)  C  t  -  ‘Cg  -  h  «  g  “  -h))))  ® 

c  * 

-Cd  - 

('a  -  Cf  *  Cg  ‘  h  «  g  *  -h)  «  f  -  'Cg  *  h  ®  g  *  "h)>  « 

a  -  -Cf  -  Cg  -  h  «  g  -  -h)  ®  f  -  -Cg  -  h  «  g  -  -h)))  « 

d  ‘ 

'('a  ‘ 

Cf  *  Cg  "  h  «  g  *  "h)  fi  f  *  "("g  “  h  ®  g  *  "h))  fi 

a  * 

-Cf  *  Cg  *  h  fi  g  -  *h)  «  f  -  'Cg  *  h  fi  g  *  -h))))))) 

Attempting  to  use  HOL  to  rearrange  j  or  k  through  the  laws  of  commutativity,  associativity, 
distributivity,  or  De  Morgan  would  have  been  tedious.  Using  an  HOL  tactic  called  BOOL_CASES_TAC 
[2]  for  this  small  example  would  have  required  a  relatively  large  amount  of  CPU  time  and  memory; 
however,  the  Prolog  program  accomplishes  the  task  more  efficiently  as  shown  in  the  expansion  that 
follows. 

Quintus Prolog Release 2.4.2 (Sun-4, SunOS 4.0)
Copyright (C) 1988, Quintus Computer Systems, Inc. All rights reserved.
1310 Villa Street, Mountain View, California (415) 965-7700

| ?- compile(['ops']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/ops...]
[ops compiled 0.400 sec 1,656 bytes]

yes
| ?- compile(['verify']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/verify...]
[verify compiled 1.450 sec 3,428 bytes]

yes
| ?- ['equation'].
[consulting /tmp_mnt/auto/quintus/mdukes/wrdc2/equation...]
[equation consulted 0.567 sec 4,996 bytes]

yes
| ?- go.

yes
| ?-
Stopped

[32] ares ps -ug
USER       PID %CPU %MEM   SZ  RSS TT STAT START  TIME COMMAND
mdukes    9457  8.6  2.7  248  864 p1 T    12:06  0:04 Prolog /usr2/eng/mdukes/

[33] ares fg
prolog
halt.

Only four seconds of CPU time were expended to verify j_alt = k_alt. If k_alt is altered such
that the sixth line up in the formula of the equation file is changed from

e^~(~f^(~g^h@g^~h)@f^~(~g^h@g^~h)))@

to

e^~(~f^(~g^h@g^h)@f^~(~g^h@g)))@

the following result is obtained, indicating a failure of equivalence.

Quintus Prolog Release 2.4.2 (Sun-4, SunOS 4.0)
Copyright (C) 1988, Quintus Computer Systems, Inc. All rights reserved.
1310 Villa Street, Mountain View, California (415) 965-7700

| ?- compile(['ops']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/ops...]
[ops compiled 0.383 sec 1,656 bytes]

yes
| ?- compile(['verify']).
[compiling /tmp_mnt/auto/quintus/mdukes/wrdc2/verify...]
[verify compiled 1.433 sec 3,428 bytes]

yes
| ?- ['equation'].
[consulting /tmp_mnt/auto/quintus/mdukes/wrdc2/equation...]
[equation consulted 0.533 sec 4,984 bytes]

yes
| ?- go.
no

| ?-
Stopped

[32] ares ps -ug
USER       PID %CPU %MEM   SZ  RSS TT STAT START  TIME COMMAND
mdukes    9476 11.9  2.7  248  864 p1 T    12:14  0:04 Prolog /usr2/eng/mdukes/

[33] ares fg
prolog
halt.


Again  only  four  seconds  of  CPU  time  were  expended.  Because  of  the  extensive  use  of  cuts, 
failure  usually  occurs  much  sooner  than  success  for  larger  formulas.  Some  larger  formulas  of  greater 
than  eight  variables  have  been  run  through  the  expansion  routine.  One  expansion  involving  two 
formulas of sixteen variables and greater than 470 pages was run through the expansion routine in
less than 15 minutes.

VI. Conclusions


The Prolog implementation of Boole's Expansion Theorem using the f = g form appears to
be very simple and efficient. Part of the success of the routine is in the simple pattern matching
between an expansion of f and g. This can be most helpful when attempting to verify expressions
similar  to  a  straight  ripple-carry  adder  and  carry-select  adder  where  the  basic  adder  circuit  remains 
the  same.  The  pattern  matching  feature  helps  to  reduce  the  depth-first  search  space  of  the  expansion 
process.  If  two  Boolean  formulas  do  not  describe  the  same  Boolean  function,  failure  will  generally 
come  quickly  since  a  leaf  node  of  the  depth-first  solution  tree  will  generally  contain  a  conflict  before 
the  remaining  portion  of  the  formulas  is  expanded. 

Further  work  is  being  explored  to  go  beyond  the  current  Greedy  algorithm  method  of  the 
implementation.  A  type  of  generalized  best-first  search  option  is  being  considered.  In  this  case, 
examination  of  the  next  variable  for  expansion  is  determined  using  a  criterion  for  selecting  the 
variable  of  greatest  occurrence.  Identification  of  the  variable  would  be  further  based  on  reducing 
the  size  of  the  formulas  early  in  the  expansion  process  or  the  likelihood  of  causing  failure  early  in 
the  expansion  process. 